diff --git a/lib/PayPro.js b/lib/PayPro.js
index 75b29948a..02a87b9fa 100644
--- a/lib/PayPro.js
+++ b/lib/PayPro.js
@@ -63,12 +63,6 @@ PayPro.prototype.x509Verify = function() {
 var pem = this._DERtoPEM(der, 'CERTIFICATE');
 var verified = verifier.verify(pem, sig);
- if (verified) {
- console.log('PaymentRequest verified (node)');
- } else {
- console.log('PaymentRequest not verified (node)');
- }
-
 var chain = pki_data;
 // Verifying the cert chain:
@@ -102,24 +96,8 @@ PayPro.prototype.x509Verify = function() {
 var nc = rfc3280.Certificate.decode(ndata, 'der');
 var npubKeyAlg = PayPro.getAlgorithm(
 nc.tbsCertificate.subjectPublicKeyInfo.algorithm.algorithm);
- var fnpubKey = nc.tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.data;
- fnpubKey = self._DERtoPEM(fnpubKey, npubKeyAlg + ' PUBLIC KEY');
-
- //
- // Get Public Key from next certificate via KJUR:
- //
- var js = new KJUR.crypto.Signature({
- alg: type + 'withRSA',
- prov: 'cryptojs/jsrsa'
- });
- js.initVerifyByCertificatePEM(npem);
- var kjrsapubKey = js.pubKey; // RSAKey
- var kjnpubKey = KJUR.KEYUTIL.getPEM(js.pubKey); // PEM
-
- //
- // NOTE: The asn1.js pubKey and KJUR pubKey differ for some reason (the
- // KJUR one is not RSA: consult docs, there may be an alternate method).
- //
+ var npubKey = nc.tbsCertificate.subjectPublicKeyInfo.subjectPublicKey.data;
+ npubKey = self._DERtoPEM(npubKey, npubKeyAlg + ' PUBLIC KEY');
 //
 // Get Signature Value from current certificate:
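Review bot: The PEM label for the issuer key is built from an algorithm name read out of the certificate (`npubKeyAlg + ' PUBLIC KEY'`), while the verifier later in this function is always created as `'RSA-' + sigAlg`. A certificate carrying a non-RSA key would therefore reach `verify()` with a label that may not match the key bytes, and the outcome then depends on how the crypto layer treats that input. Rejecting it up front is clearer, for example `if (npubKeyAlg !== 'RSA') return false;` placed before the `_DERtoPEM` call, assuming `PayPro.getAlgorithm` returns `'RSA'` for rsaEncryption. The enclosing callback starts and ends outside this hunk.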
@@ -129,11 +107,12 @@ PayPro.prototype.x509Verify = function() {
 var sigAlg = PayPro.getAlgorithm(c.signatureAlgorithm.algorithm, 1);
 var sig = c.signature.data;
- // NOTE:
- // CHECK: c.tbsCertificate.issuer === nc.tbsCertificate.subject;
+ // NOTE - check this in the future:
+ // c.tbsCertificate.issuer === nc.tbsCertificate.subject;
 //
 // Create a To-Be-Signed Certificate to verify using asn1.js:
+ // XXX The signature algorithm seems to get mangled here.
 //
 // var tbs = rfc3280.TBSCertificate.encode(c.tbsCertificate, 'der');
 var tbs = rfc3280.TBSCertificate.encode({
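Review bot: The issuer/subject comparison is still only a comment in this hunk, so the loop establishes that each signature verifies under the next certificate's key but not that the two certificates name each other. Until the check exists the comment should say so plainly, e.g. `// FIXME(security): issuer of cert i is not yet compared with subject of cert i+1; only signatures are checked.` The decoded names are presumably objects, so the eventual check needs to compare their encodings rather than use `===`. The added XXX line points at a second weakness: `tbs` is rebuilt by re-encoding decoded fields, and any difference from the signer's original DER makes a valid signature fail, so verifying over the original tbsCertificate bytes taken from the certificate's DER would be more reliable. The encode call continues past the end of the hunk.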
@@ -149,58 +128,15 @@ PayPro.prototype.x509Verify = function() {
 extensions: c.tbsCertificate.extensions
 }, 'der');
- //
- // Debug
- //
- // print(c);
- // print(nc);
-
- //
- // Verify current certificate signature via KJUR:
- //
- // https://github.com/kjur/jsrsasign/wiki/Tutorial-to-sign-and-verify-with-RSAKey-extension
- // http://kjur.github.io/jsrsasign/api/symbols/KJUR.crypto.html
- // http://kjur.github.io/jsrsasign/api/symbols/KJUR.crypto.Signature.html
- if (0) {
- var jsrsaSig = new KJUR.crypto.Signature({
- alg: sigAlg + 'withRSA',
- prov: 'cryptojs/jsrsa'
- });
- jsrsaSig.initVerifyByPublicKey(kjrsapubKey); // Has to be an RSAKey.
- jsrsaSig.updateHex(tbs.toString('hex'));
- var v = jsrsaSig.verify(sig.toString('hex'));
- if (v) console.log(i + ' verified (KJUR)');
- else console.log(i + ' not verified (KJUR)');
- return true;
- return v;
- }
-
 //
 // Verify current certificate signature:
 //
 var verifier = crypto.createVerify('RSA-' + sigAlg);
 verifier.update(tbs);
- var v = verifier.verify(fnpubKey, sig);
- //var v = verifier.verify(kjnpubKey, sig);
- if (v) console.log(i + ' verified (node)');
- else console.log(i + ' not verified (node)');
- return true;
- return v;
+ return verifier.verify(npubKey, sig);
 });
 return verified && chainVerified;
 };
-var util = require('util');
-function inspect(obj) {
- return typeof obj !== 'string'
- ? util.inspect(obj, false, 20, true)
- : obj;
-}
-function print(obj) {
- return typeof obj === 'object'
- ? process.stdout.write(inspect(obj) + '\n')
- : console.log.apply(console, arguments);
-}
-
 module.exports = PayPro;
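Review bot: Nothing in the visible lines ties the last certificate of the chain to a trusted root, so `return verified && chainVerified;` appears to accept any internally consistent chain, including a self-issued one, unless a root-store check exists outside these hunks. The digest in `crypto.createVerify('RSA-' + sigAlg)` is also chosen by the certificate itself; an allowlist of accepted values before that call would keep weak digests out. In addition, `verify()` can throw on a malformed key, which would surface as an exception from x509Verify rather than a failed verification: `try { return verifier.verify(npubKey, sig); } catch (e) { return false; }`. The callback and the function both begin outside this hunk.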